From: Avi Kivity <avi@xxxxxxxxxx>
Subject: Re: EuroSec'11 Presentation
Date: Mon, 11 Apr 2011 18:48:41 +0300

> On 04/11/2011 06:46 PM, Kuniyasu Suzaki wrote:
> > >
> > > But it's a well known issue with colocation and the attack can be
> > > executed just by looking at raw memory access time (to guess whether
> > > another process brought something into the cache).
> >
> > Thank you for comments.
> > The memory disclosure attack can be prevented by several ways mentioned in my "Countermeasure" slide (Page 22).
> >
> > If we limit KSM on READ-ONLY pages, we detect and prevent the attack.
> > I also think most memory deduplication is on READ-ONLY pages.
> >
>
> With EPT or NPT you cannot detect if a page is read only.
>
> Furthermore, at least Linux (without highmem) maps all of memory with a
> read/write mapping in addition to the per-process mapping, so no page is
> read-only.

Unfortunately, yes. Linux kernel maps all memory with read/write.
I met this problem already. I have to find another OS which clearly separates read only pages.

I also know the CPU can not distinguish read only pages.
However, if a VMM can trace CR3 and retrieve the page tables, we can distinguish read only page or not.
Yes, it is an academic interest.

------
suzaki
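
The page-table check discussed in this message, together with the read/write alias objection quoted above, as an added example that is not part of the original thread. It walks a simulated 4-level x86-64 page table reachable from CR3; the frame number, the virtual addresses and the 4 KiB-only layout (no large pages) are constructed assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define PTE_P     0x1ULL                 /* present */
#define PTE_RW    0x2ULL                 /* writable */
#define ADDR_MASK 0x000FFFFFFFFFF000ULL  /* frame address bits of an entry */

/* Simulated guest physical memory holding the page tables (constructed). */
static uint64_t mem[16][512];
static uint64_t next_free = 1;           /* frame 0 is the PML4 (CR3 target) */

/* Install a 4 KiB mapping va -> pfn, allocating intermediate tables. */
static void map_page(uint64_t cr3, uint64_t va, uint64_t pfn, int writable) {
    uint64_t t = cr3;
    for (int level = 4; level > 1; level--) {
        uint64_t *e = &mem[t][(va >> (12 + 9 * (level - 1))) & 511];
        if (!(*e & PTE_P)) *e = (next_free++ << 12) | PTE_P | PTE_RW;
        t = (*e & ADDR_MASK) >> 12;
    }
    mem[t][(va >> 12) & 511] = (pfn << 12) | PTE_P | (writable ? PTE_RW : 0);
}

/* Scan every mapping under `table`; return 1 if any maps `target` writable.
 * A leaf is writable only if R/W is set at every level of the walk. */
static int maps_writable(uint64_t table, int level, int rw, uint64_t target) {
    for (int i = 0; i < 512; i++) {
        uint64_t e = mem[table][i];
        if (!(e & PTE_P)) continue;
        int eff = rw && (e & PTE_RW);
        uint64_t next = (e & ADDR_MASK) >> 12;
        if (level > 1 ? maps_writable(next, level - 1, eff, target)
                      : (next == target && eff))
            return 1;
    }
    return 0;
}

/* Constructed scenario: frame 0x1234 mapped read-only in a process, and
 * optionally also through a kernel-style read/write alias of all memory. */
static int frame_is_writable(int with_rw_alias) {
    memset(mem, 0, sizeof mem);
    next_free = 1;
    map_page(0, 0x400000ULL, 0x1234, 0);
    if (with_rw_alias) map_page(0, 0xffff880001234000ULL, 0x1234, 1);
    return maps_writable(0, 4, 1, 0x1234);
}

int main(void) {
    printf("no alias: %d, rw alias: %d\n", frame_is_writable(0), frame_is_writable(1));
}
```

With only the per-process mapping the frame is classified read-only; once the read/write alias exists, the same frame is writable through some mapping, so a read-only test has to consider every mapping of the frame rather than a single PTE.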